ActiveSupport is vulnerable to Locally Encrypted File Disclosure. The vulnerability exists because the library’s temporary file’s permissions default to the user’s current umask
settings, which allows an attacker on the same system to read the contents of the temporary file before it gets encrypted to disk.